Using MS-CHAP with Radius Authentication

• Microsoft Windows NT Server version 4.0
• Microsoft Routing & Remote Access Service Update for Windows NT Server version 4.0

SYMPTOMS

Microsoft Windows NT Routing and Remote Access Server does not offer MS-CHAP authentication when used as a Radius client.

CAUSE

This is by design because several third-party Radius servers do not support MS-CHAP authentication.

RESOLUTION

WARNING: Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk.

For information about how to edit the registry, view the "Changing Keys And Values" Help topic in Registry Editor (Regedit.exe) or the "Add and Delete Information in the Registry" and "Edit Registry Data" Help topics in Regedt32.exe. Note that you should back up the registry before you edit it. If you are running Windows NT, you should also update your Emergency Repair Disk (ERD).

To enable MS-CHAP with RADIUS authentication, you must add a registry value:

1. Start Registry Editor (Regedt32.exe).



2. Locate the following key in the registry:




HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Rasman\PPP\CHAP

3. On the Edit menu, click Add Value, and then add the following registry value:




DWORD: OfferMSCHAP
Value: 0x00000001


4. Quit Registry Editor.

STATUS

This behavior is by design.

MORE INFORMATION

Set the above registry key to use MS-CHAP authentication when using the Microsoft Windows NT Routing and Remote Access Server with either Microsoft Radius Server or a third-party Radius server that can offer MS-CHAP authentication.

Additional query words: ms-chap

Keywords          : ntras 
Version           : winnt:4.0
Platform          : winnt 
Issue type        : kbbug 

Last Reviewed: April 2, 1999